GitHub OAuth Apps let users log in to your app using their GitHub account. You can also take actions on behalf of users using the GitHub API, like posting comments or closing pull requests. In this article, I’ll explain how to support GitHub login using Node.js and Express, and how to use the GitHub API once you’ve got an access token for the user.
Most tutorials use Passport, but Passport is usually unnecessary. This tutorial will use vanilla Express, with no dedicated OAuth frameworks.
The web OAuth 2.0 login flow has 3 steps:
When implementing Passport-free OAuth login, you need 3 routes:
First, you need to create a GitHub OAuth App. Go to your Developer Settings page and click “New OAuth App.” Make sure you create a new OAuth App, not a new GitHub App.
Create a new GitHub OAuth App with http://localhost:3000/oauth-callback as the OAuth redirect URL. Once you’ve created a GitHub OAuth App, note the Client Id and Client Secret:
Now that you have a Client Id and Client Secret, you can build a minimal Express API that redirects to GitHub to authorize your app:
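const express = require('express');

const app = express();

// Values from the GitHub OAuth App settings page. The client secret is not
// needed for this redirect; it is used later, server-side only.
const clientId = 'OMITTED';
const clientSecret = 'OMITTED';

// Send the browser to GitHub's authorization page for this OAuth App.
app.get('/', (req, res) => {
  res.redirect(`https://github.com/login/oauth/authorize?client_id=${clientId}`);
});

app.listen(3000);
console.log('App listening on port 3000');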
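The redirect above sends only `client_id`. GitHub's authorize endpoint also accepts a `state` parameter and returns it unchanged to the callback, which lets the app confirm that a callback belongs to a login it started. The following is an added example, not code from the original article: `beginLogin`, `checkCallback`, the in-memory `pending` map, the session ids and the 10-minute lifetime are all hypothetical names and assumptions.

```javascript
const crypto = require('crypto');

const AUTHORIZE_URL = 'https://github.com/login/oauth/authorize';
const STATE_TTL_MS = 10 * 60 * 1000; // assumption: 10 minutes to finish the login

// Hypothetical in-memory store: session id -> { state, expires }.
// A real app would keep this in its server-side session store.
const pending = new Map();

// Create an unguessable state bound to this browser session and build the
// URL that the '/' route would redirect to.
function beginLogin(sessionId, clientId, redirectUri, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('hex');
  pending.set(sessionId, { state, expires: now + STATE_TTL_MS });
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// In the callback route, accept the code only if the returned state matches
// the one issued to this session. Each state is single-use.
function checkCallback(sessionId, query, now = Date.now()) {
  const entry = pending.get(sessionId);
  pending.delete(sessionId); // consumed whether or not it matches
  if (!entry || now > entry.expires) return { ok: false, reason: 'no pending login' };
  if (typeof query.state !== 'string' || typeof query.code !== 'string') {
    return { ok: false, reason: 'missing code or state' };
  }
  const got = Buffer.from(query.state);
  const want = Buffer.from(entry.state);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'state mismatch' };
  }
  return { ok: true, code: query.code };
}

// Constructed demo values, not real credentials.
const demoUrl = beginLogin('sess-1', 'CLIENT_ID_PLACEHOLDER',
  'http://localhost:3000/oauth-callback');
const demoState = new URL(demoUrl).searchParams.get('state');
console.log(checkCallback('sess-1', { code: 'constructed-code', state: demoState }));
```

In an Express app, `beginLogin` would run in the `/` route and `checkCallback` in the `/oauth-callback` route, with `req.query` passed as `query`.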